Why we made this change

Visitors are allowed 3 free articles per month (without a subscription), and private browsing prevents us from counting how many stories you've read. We hope you understand, and consider subscribing for unlimited online access.

There is nothing hypothetical about this for many people: the problem emerges, wholly formed, when tragedy strikes. What’s worse, more than half of Americans don’t have a will, let alone one that’s up to date, according to a 2016 Gallup Poll. As a result, most survivors lack a road map to the deceased’s assets (physical and digital) or even, in some cases, the legal authority to proceed.

Fortunately, there are many things you can do now, without a lawyer, to make things easier for your survivors.

#1 Build a back doorFifteen years ago, if you died and your next of kin got your laptop, that person was pretty much guaranteed access to your data. Then, in 2003, Apple introduced full disk encryption, designed to protect your data from a thief, but also keeping it out of the reach of your survivors. Cryptocurrencies pose a similar problem: if no one has access to your digital wallet, then any value there is lost—there’s no Bitcoin central control to complain to.

Today there’s a debate as to whether tech companies should put back doors in their crypto technology so law enforcement can get access to data on devices they seize during an investigation. Short of that, it’s easy to back-door your encryption yourself: just write down your hard drive’s master password, put the paper in an envelope, and seal it. Do the same with your Bitcoin wallet. Make sure it’s well hidden but in a location that’s known to your loved ones.

#2 Sign up for Inactive Account ManagerIf you have a Gmail account, use Inactive Account Manager to specify an e-mail address that will be automatically notified three months after your Google account goes inactive. Google defines “activity” broadly: if you check Gmail, log in to a Google website, or perform a search with a Chrome browser that’s logged into your account, Google will assume you’re not dead. But when your digital heartbeat stops, this approach ensures that someone you trust can access your Gmail account, Google Photos, and other data.

#3 Download your medical recordsYour doctor is supposed to keep copies of your test results and other records, but it’s a good idea to keep your own. Ask for copies and scan them. You might also be able to get your records directly if your health-care provider participates in the US government’s Blue Button Connector, which lets you download PDF files for yourself and a special format for other health-care providers (should you wish to give it to them).

My elderly father keeps a copy of his records on a USB stick that he carries with him at all times. It comes in handy when he sees a specialist who might not have access to his primary care provider’s computer. Yes, there’s a risk the stick could fall into the wrong hands, but he’s decided that the risk of medical professionals not having access to his records is greater.

#4 Use a password managerIt used to be straightforward to identify the deceased’s accounts by waiting for bank statements and tax bills to arrive by snail mail. These days, two thirds of Americans do their banking online (according to a 2017 survey by the American Bankers Association), and many people no longer receive paper statements. This significantly increases the chance that your bank accounts or retirement accounts might be declared “abandoned” in the event that you die.

So use a password manager like 1Password or LastPass. Now make sure that your spouse, or lawyer, or children, or parents, or somebody has some way to get to your accounts (so they can, for example, save any cherished photos or easily delete your accounts after you’re gone).

One way that couples can simply access each other’s accounts is by sharing their passwords. This is getting harder as websites implement two-factor authentication, but it’s still possible by registering multiple second factors (like a FIDO Universal 2nd Factor device) and giving one to each partner.

#5 Ponder the complexities of social mediaIf you are an avid user of Facebook or Twitter, take some time to read their data-after-death policies. You might not like what you find.

When Facebook is notified that one of its users has become medically incapacitated or died, the company allows authorized individuals to request that the user’s account be either “memorialized” or removed. Be aware: memorialized accounts can be managed by a legacy contact (who has to be specified in advance), but that person can’t log into the Facebook account, remove or change past posts, or read private messages. In one famous case, parents of a 15-year-old German girl who died after being hit by a subway train were unsuccessful in trying to force Facebook to open the girl’s account so that they, the parents, could determine if she had experienced cyber-bullying or depression, or if her death really was a tragic accident.

Twitter’s policy is similar: after you die, a family member can contact the company and ask that your account be deleted, according to a help page on its website. Twitter will also, if requested, remove specific imagery or messages sent just before or after an individual’s death. But Twitter will not give family members access to a deceased user’s private messages.

So if you’re storing something on Facebook that you’d like people to have access to after you’re gone, you should download that data regularly and store it where your loved ones will have access—for example, in Google Drive.

#6 Be careful what you wish forI gave much of this advice at a cybersecurity training seminar a few months ago, and almost everybody in the room thought I was crazy. The people there—mostly men—said they’d never share their passwords with their spouses.

And maybe they’ve got a point. Family members should be careful about taking extraordinary measures to crack open these encrypted digital crypts, warns Ibrahim Baggili, associate professor of computer science at the University of New Haven and an expert in digital forensics. “This person I knew died, and his wife managed to finally break into his e-mails and iPad and found all sorts of things about him that she did not want to know,” says Baggili. “She really loved him, and it changed her whole perspective on him.”

Simson Garfinkel is a science writer living in Arlington, Virginia, and coauthor of The Computer Book: From the Abacus to Artificial Intelligence, 250 Milestones in the History of Computer Science, published this November by Sterling Milestones.

Be the leader your company needs. Implement ethical AI.Join us at EmTech Digital 2019.

Share

Tagged

Simson L. Garfinkel is a computer security research scientist whose interests include digital forensics, security, personal information management, privacy, and terrorism. He holds six U.S. patents for his computer-related research, has published… More dozens of journal and conference papers in security and computer forensics, is the author or co-author of 14 books, and has started five companies.

You've read
of three
free articles this month.
Subscribe now for unlimited online access.
You've read
of three
free articles this month.
Subscribe now for unlimited online access.
This is your last free article this month.
Subscribe now for unlimited online access.
You've read all your free articles this month.
Subscribe now for unlimited online access.
You've read
of three
free articles this month.
Log in for more, or subscribe now for unlimited online access.
Log in for two more free articles, or subscribe now
for unlimited online access.